1

Google Authentificator (or 2 Factor Auth) for cms.wialon.com

Topic: Google Authentificator (or 2 Factor Auth) for cms.wialon.com

Dear Gurtam Team, i know, you are using Linux and there are no security issues so you will never think about the advantages of 2 factor authentification, but all serious services i use and know support 2 factor auth.
Even our stupied windows servers are all secured by 2 factor auth.

I think for the moment securing cms.wialon.com would be enough... it should be possible to use multiple auth tokens for same username (so that two or more people (admins) can login with master user.
Or use "Wialon App" and push notifications... for example i can add some "phones" and when i do the login process it asks me to choose the phone where to send the push notification.

(by the way, something like that could work also for the hosting web gui...)

Thanks,

Wolf.

Politeness dictates it to write his name on a post
2

Google Authentificator (or 2 Factor Auth) for cms.wialon.com

(edited by JohnG 19/04/2017 17:15:42)

Re: Google Authentificator (or 2 Factor Auth) for cms.wialon.com

This is a must in my opinion. Having a mobile phone to send an sms to with a verification code works extremely well. We need to be able to also differentiate by function to be done as well....eg if a deletion of an account is attempted even if the user is authenticated an second phone ie the company owner, gets the sms code validation. This is to protect against trusted employees doing something they should not.

It would be good to have emails also attached to certain functions that we want to monitor...Like Wolf saya even Microsoft have this :-)

Phoenix Solusi
Mobile Visible Secure
Specialists in data acquisition and analysis for mobile and fixed assets. Integration in to content management systems is a specialty we have.
3

Google Authentificator (or 2 Factor Auth) for cms.wialon.com

Re: Google Authentificator (or 2 Factor Auth) for cms.wialon.com

Hi There

2 factor authentication is seriously asked by government body/military customers. OTP via smartphone application will be great. I strongly agree with Wolf. Our customers need it for Monitoring panel as well.
Any feedback from Gurtam guys?

4

Google Authentificator (or 2 Factor Auth) for cms.wialon.com

(edited by hhamedk 09/05/2017 18:44:26)

Re: Google Authentificator (or 2 Factor Auth) for cms.wialon.com

Other partners please vote, if you find this function useful...

5

Google Authentificator (or 2 Factor Auth) for cms.wialon.com

Re: Google Authentificator (or 2 Factor Auth) for cms.wialon.com

We are also agree... This is a must have...

6

Google Authentificator (or 2 Factor Auth) for cms.wialon.com

Re: Google Authentificator (or 2 Factor Auth) for cms.wialon.com

Hi there

Discussing with other valuable partners specially Wolf, It seems convenient if somewhere in CMS we can manage all granted OTP Generator smartphone applications for each account. There, we should be possible to remove any granted OTP generator.

7

Google Authentificator (or 2 Factor Auth) for cms.wialon.com

Re: Google Authentificator (or 2 Factor Auth) for cms.wialon.com

Upvotes for the feature got heard and placed it in the 'analysis' mode.

Pavel Bushuyeu
Product Owner, Mobile
Gurtam
8

Google Authentificator (or 2 Factor Auth) for cms.wialon.com

Re: Google Authentificator (or 2 Factor Auth) for cms.wialon.com

Hi Pavel, great to hear that.

Please have in mind, that there is a little little enhanced Problem: one username, more than one real people behind that... my idea t solve this problem would be like a "subuser"...
On Loginscreen you do a normal login. If that account use 2 factor auth, there comes a little second screen where you can choose the "real people with their token generators"... like a drop downlist and than enter the token. So Wialon knows: ah ha, i need to take this users token algorithm and bind it to the SID of the login credentials.

I dont know if this is understandable? (i am not the GUI guy)

Wolf

Politeness dictates it to write his name on a post
9

Google Authentificator (or 2 Factor Auth) for cms.wialon.com

Re: Google Authentificator (or 2 Factor Auth) for cms.wialon.com

Danke schön for the comment, wwbusch aka Buwo 
Problem is heard, we'll dive deeper into it in the nearest future smile

Pavel Bushuyeu
Product Owner, Mobile
Gurtam
10

Google Authentificator (or 2 Factor Auth) for cms.wialon.com

Re: Google Authentificator (or 2 Factor Auth) for cms.wialon.com

It should be set at the user level Wolf. So there is a check box whether the use has MFA or not and then if checked what is the form of second authentication.

Phoenix Solusi
Mobile Visible Secure
Specialists in data acquisition and analysis for mobile and fixed assets. Integration in to content management systems is a specialty we have.
11

Google Authentificator (or 2 Factor Auth) for cms.wialon.com

Re: Google Authentificator (or 2 Factor Auth) for cms.wialon.com

John, i know that you are the master of 2FA (so having the 2FA in your hands), but if i tell Erik "sorry Erik, i can login, but you need to ask me for a token", he will kill me ;-) So there must be a way to have 2 tokens on the same master account!

Wolf.

Politeness dictates it to write his name on a post
12

Google Authentificator (or 2 Factor Auth) for cms.wialon.com

(edited by JohnG 06/06/2017 16:21:00)

Re: Google Authentificator (or 2 Factor Auth) for cms.wialon.com

That is what I am saying each uses should have their own log in and each login can have 2FA so work independently of each other. You log in and you have to provide your second factor approval and if Erik logs in he has to provide his. The use of a single log in by a number of people ruins the audit trail.

The reason that MFA is used is to improve security around the log in process. Same as what a lot of banks do in regards to transactions.

You could have a single phone or dongle that you could use if you did not want to have individual validation to your own device but that sort of defeats the purpose.

This may be worth looking at https://get.cmtelecom.com/otp-apac/

Phoenix Solusi
Mobile Visible Secure
Specialists in data acquisition and analysis for mobile and fixed assets. Integration in to content management systems is a specialty we have.
13

Google Authentificator (or 2 Factor Auth) for cms.wialon.com

Re: Google Authentificator (or 2 Factor Auth) for cms.wialon.com

John,

how do you solve the following problem:

Masterlogin = ABCD
We always log into Wialon witth ABCD because we create all accounts and units under ABCD.

Customer DEFG has 3 employes, they also log into the plattform as DEFG and not DEFG_User1 and DEFG_User2.

I think most Endusers has ONE username and not for every Employee ONE username.

So if we can not change this scheme (many people using ONE login), and still want to have 2FA, what then? I think the only way is to create "2FA" users, which are connected to ONE username... (as i described above)

Or do you have a better Idea?

Wolf.

Politeness dictates it to write his name on a post
14

Google Authentificator (or 2 Factor Auth) for cms.wialon.com

Re: Google Authentificator (or 2 Factor Auth) for cms.wialon.com

Dear partners, the latest Beta should make your clients' lives more secure, as we implemented the two-factor authorization.
Read the documentation or the weblog to find details.

Attention: there is no compatibility between Beta and Stable. So after you test it in Beta, switch off the option before use Stable branch.

Tatsiana Kots
Ex-Business Analyst, Gurtam
15

Google Authentificator (or 2 Factor Auth) for cms.wialon.com

Re: Google Authentificator (or 2 Factor Auth) for cms.wialon.com

tata, thank you all in GT and we are happy to hear that.

16

Google Authentificator (or 2 Factor Auth) for cms.wialon.com

Re: Google Authentificator (or 2 Factor Auth) for cms.wialon.com

Hi GT

Some customers want to make users to use 2-Factor-Auth as they have restricted security rules. It would be great if we can make all users under an account to activate 2-Factor-Auth and unless that prevent them from login to system.

17

Google Authentificator (or 2 Factor Auth) for cms.wialon.com

Re: Google Authentificator (or 2 Factor Auth) for cms.wialon.com

Hello Hamed

It is a rather uncommon procedure to force 2auth for end-users. So we cannot do it for all and if we do it optional, the usage of it will be near 0.
So I'd recommend using some administrative procedure to activate 2ath for all end-users. And with the software help just check the results (check users' properties).

Tatsiana Kots
Ex-Business Analyst, Gurtam
18

Google Authentificator (or 2 Factor Auth) for cms.wialon.com

Re: Google Authentificator (or 2 Factor Auth) for cms.wialon.com

tata, we can add an option in account properties to force all users under this account enable 2-factor Auth.